class Puppet::Network::AuthConfig

Constants

DEFAULT_ACL

Attributes

rights[RW]

Public Class Methods

new(rights=nil)
# File lib/puppet/network/authconfig.rb, line 71
# Wraps a rights store and makes sure the default ACL entries exist in it.
#
# rights - an existing rights store to use; when nil (or false) a new
#          Puppet::Network::Rights is created instead.
#
# The store that is passed in is kept by reference, not copied, so the
# entries added by insert_default_acl land in the caller's object.
def initialize(rights=nil)
  rights ||= Puppet::Network::Rights.new
  @rights = rights
  insert_default_acl
end

Public Instance Methods

check_authorization(indirection, method, key, params)

Check whether this request is allowed by our ACL; raise a Puppet::Network::AuthorizedError if the request is denied.

# File lib/puppet/network/authconfig.rb, line 64
# Asks the rights store whether the request must be refused and, if so,
# refuses it.
#
# The four arguments are handed unchanged to
# @rights.is_request_forbidden_and_why?. A falsy answer means the request
# is allowed and this method returns nil. A truthy answer is treated as the
# exception to raise: it is logged at warning level and then raised as-is.
#
# NOTE(review): the denial is interpolated into the log line verbatim. If
# its message embeds request-derived values (key, params), they reach the
# log unescaped; confirm the log sink tolerates that.
def check_authorization(indirection, method, key, params)
  denial = @rights.is_request_forbidden_and_why?(indirection, method, key, params)
  return unless denial

  Puppet.warning("Denying access: #{denial}")
  raise denial
end
insert_default_acl()

Force the regular (default) ACLs to be present.

# File lib/puppet/network/authconfig.rb, line 35
# Adds every DEFAULT_ACL entry that the rights store does not already have,
# then makes sure a catch-all right for "/" exists.
#
# A default is only inserted when rights[path] is falsy, so a right that is
# already defined for the same path is left untouched and wins over the
# built-in default.
def insert_default_acl
  DEFAULT_ACL.each do |entry|
    path = entry[:acl]
    next if rights[path]

    Puppet.info "Inserting default '#{path}' (auth #{entry[:authenticated]}) ACL"
    mk_acl(entry)
  end

  # Catch-all for every other path: a right with no allow entries, i.e.
  # deny all. Per the original author's note this is not strictly necessary,
  # because the rights system already denies paths that are not explicitly
  # allowed; it just makes the fail-closed default explicit.
  rights.newright("/").restrict_authenticated(:any) unless rights["/"]
end
mk_acl(acl)
# File lib/puppet/network/authconfig.rb, line 50
# Creates one right in the rights store from an ACL description hash.
#
# acl - a Hash read with these keys:
#       :acl           - the path handed to @rights.newright
#       :allow         - value passed to right.allow; "*" is used when the
#                        key is missing or falsy
#       :method        - a single method or an Array of methods, each passed
#                        to right.restrict_method; skipped when falsy
#       :authenticated - passed to right.restrict_authenticated unless nil
#                        (false is passed through, only nil is skipped)
#
# Returns the result of restrict_authenticated, or nil when :authenticated
# is nil.
#
# NOTE(review): an entry without :allow is opened with "*", presumably
# matching every client. When auditing DEFAULT_ACL, look at entries that
# omit :allow and also relax :authenticated.
def mk_acl(acl)
  entry = @rights.newright(acl[:acl])
  entry.allow(acl[:allow] || "*")

  verbs = acl[:method]
  if verbs
    # Accept a lone method as well as a list of them.
    verb_list = verbs.is_a?(Array) ? verbs : [verbs]
    verb_list.each { |verb| entry.restrict_method(verb) }
  end

  auth = acl[:authenticated]
  return if auth.nil?

  entry.restrict_authenticated(auth)
end